Most of my appliances allow me to map a user account to a specific role.
For example, in the LDAP authenticator I can say: if a user belongs to the group "Domain Admins", give them Admin rights; if a user belongs to the group "Viewers", give them adminro rights. I'm trying to implement something like this in the "Console Access" rule on the firewall. Anyone have any ideas?
EDIT: I should note that this is for compliance with the DOD's "least privilege" policy.
On the firewall an administrative-user is either an 'admin' (full access) or an 'adminro' (read-only access) and this cannot be changed based on the reply from the LDAP server (or from any other authentication server).
Thanks for the response!
FYI, you should note this for the Stonesoft transition... in the public space (government) there is a requirement to have least privilege implemented. I don't know how McAfee got past DOD compliance without having this, but it will get flagged at some point.
Thanks for your time.